CVE-2024-50179

low-risk

Published 2024-11-08

In the Linux kernel, the following vulnerability has been resolved: ceph: remove the incorrect Fw reference check when dirtying pages When doing the direct-io reads it will also try to mark pages dirty, but for the read path it won't hold the Fw caps and there is case will it get the Fw reference.

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (11)

Patch https://git.kernel.org/stable/c/11ab19d48ab877430eed0c7d83810970bbcbc4f6

Patch https://git.kernel.org/stable/c/126b567a2ef65fc38a71d832bf1216c56816f231

Patch https://git.kernel.org/stable/c/74b302ebad5b43ac17460fa58092d892a3cba6eb

Patch https://git.kernel.org/stable/c/9d4f619153bab7fa59736462967821d6521a38cb

Patch https://git.kernel.org/stable/c/c08dfb1b49492c09cf13838c71897493ea3b424e

Patch https://git.kernel.org/stable/c/c26c5ec832dd9e9dcd0a0a892a485c99889b68f0

Patch https://git.kernel.org/stable/c/ea98284fc4fb05f276737d2043b02b62be5a8dfb

Patch https://git.kernel.org/stable/c/f55e003d261baa7c57d51ae5c8ec1f5c26a35c89

Patch https://git.kernel.org/stable/c/f863bfd0a2c6c99011c62ea71ac04f8e78707da9

https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal